Extracted

• • Target

    43a039154f510bc108d55885884e2b80466a01115bdfa18f56eac2e4f95e19a8

  • Size

    522KB

  • MD5

    928460d3fa08993d33b78cfe014662a4

  • SHA1

    653205f6e43076b554f4bdedf8e6e0644e5946b7

  • SHA256

    43a039154f510bc108d55885884e2b80466a01115bdfa18f56eac2e4f95e19a8

  • SHA512

    289bca58652b46398422cef0a11788fb4991182e8bdc229b180c901620b94dea4a5f057d87b090f84150936f13e475ca2036c425c583a4fd914b9abfa02e0c41

  • SSDEEP

    12288:vMrLy90Wb63zkeIM355/5s3R24ssrLi5sr6EGV9O:YyT631p5QR7ss65srqVE

  Score

  10^/10

  healerredlinerosndiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1